﻿Imports System.Data.SqlClient
Imports System.Data
Imports System.Net.Mail
Imports System.Net
Imports System.Xml
Imports system.web

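Public Class MallUtility

  ''' <summary>
  ''' Reads one named value from the current HTTP request and returns it
  ''' HTML-encoded, trimmed, and with apostrophes and percent signs removed.
  ''' </summary>
  ''' <param name="strItem">Name of the query-string or form field to read.</param>
  ''' <returns>
  ''' The scrubbed value. Nothing or "" is returned unchanged when the field is
  ''' absent or empty, and "" when the request method is neither GET nor POST.
  ''' </returns>
  Public Shared Function MyGetRequestValue(ByVal strItem As String) As String
    ' Changed after a penetration test: GET requests are read from
    ' Request.QueryString and POST requests from Request.Form.
    Dim req As System.Web.HttpRequest = System.Web.HttpContext.Current.Request
    Dim strRet As String = ""

    Select Case req.RequestType
      Case "GET"
        strRet = req.QueryString(strItem)
      Case "POST"
        ' On a POST the value may still be carried on the URL, so the query
        ' string is tried first and the form body only when the key is absent
        ' from the query string (an empty query-string value does not fall back).
        strRet = req.QueryString(strItem)
        If strRet Is Nothing Then
          strRet = req.Form(strItem)
        End If
    End Select

    If String.IsNullOrEmpty(strRet) Then Return strRet

    ' Per the penetration-test recommendation the value is HTML-encoded as soon
    ' as it is read, so markup characters arriving on the URL are neutralised.
    '
    ' Security notes for callers:
    ' - This is input scrubbing, not a replacement for parameterized SQL or for
    '   encoding at the point of output. HTML encoding does not make a value
    '   safe inside a JavaScript string, a URL or SQL text.
    ' - The returned value is already HTML-encoded, so a name such as O'Brien
    '   comes back altered, and encoding it again when rendering shows literal
    '   entities to the user.
    ' - NOTE(review): on .NET Framework 4.0 and later HtmlEncode already turns an
    '   apostrophe into &#39;, so the apostrophe removal below only has an effect
    '   on earlier framework versions - confirm the target framework.
    ' - NOTE(review): callers are not visible in this file - confirm none of
    '   them concatenates the result into a SQL statement.
    Return System.Web.HttpUtility.HtmlEncode(strRet).Trim().Replace("'", "").Replace("%", "")
  End Function

  ''' <summary>
  ''' Stores a message in Session("Msg") after removing apostrophes and CR+LF
  ''' pairs. Nothing is written to the response by this method.
  ''' </summary>
  ''' <param name="strMsg">Message text to store.</param>
  Public Sub MyMsgBox(ByVal strMsg As String)
    ' The original also built an alert(...) script string here that was never
    ' written out; that unused local has been removed.
    strMsg = Replace(strMsg, "'", "")
    strMsg = Replace(strMsg, vbCrLf, "")

    ' NOTE(review): the code that renders Session("Msg") is not in this file.
    ' If it places the text inside a script string, the two replacements above
    ' are not enough (backslashes, a lone CR or LF and a closing script tag
    ' are left as they are); the renderer should encode for its own output
    ' context, e.g. with HttpUtility.JavaScriptStringEncode.
    System.Web.HttpContext.Current.Session("Msg") = strMsg
  End Sub

  ''' <summary>
  ''' Writes a script element to the response that sets location to the given
  ''' URL, and increments the per-session counter Session("MsgPage").
  ''' </summary>
  ''' <param name="strUrl">Destination URL.</param>
  Public Sub MyGoTo(ByVal strUrl As String)
    Dim ctx As System.Web.HttpContext = System.Web.HttpContext.Current

    ' The URL lands inside a single-quoted JavaScript string within a script
    ' element. The browser does not decode HTML entities there, so the previous
    ' HtmlEncode call turned every "&" of a multi-parameter query string into a
    ' literal "&amp;" and left backslashes and line breaks unescaped.
    ' JavaScriptStringEncode (System.Web, .NET Framework 4.0 or later) escapes
    ' quotes, backslashes, control characters and angle brackets for this context.
    '
    ' NOTE(review): escaping does not decide where the browser is sent. If
    ' strUrl can be influenced by request data, restrict it to expected
    ' destinations (for example site-relative paths) before calling this method;
    ' a javascript: or off-site URL would otherwise be accepted as is.
    Dim strTmp As String = "<script>location='" & System.Web.HttpUtility.JavaScriptStringEncode(strUrl) & "';</script>"

    ' Session("MsgPage") starts at 1 and grows by one per call; what reads the
    ' counter is not visible in this file.
    If Len(ctx.Session("MsgPage")) > 0 Then
      ctx.Session("MsgPage") += 1
    Else
      ctx.Session("MsgPage") = 1
    End If

    ctx.Response.Write(strTmp)
  End Sub

  ''' <summary>
  ''' Builds an order number from fixed positions of <paramref name="vaccode"/>:
  ''' "20", then characters 5-10, then "0", then characters 11-13 (1-based).
  ''' </summary>
  ''' <param name="vaccode">Source code string; shorter input yields shorter segments.</param>
  ''' <returns>
  ''' The assembled string. Constructed example: "ABCD123456789" gives "201234560789".
  ''' </returns>
  Public Shared Function GetOrderNo(ByVal vaccode As String) As String
    Dim firstPart As String = Mid(vaccode, 5, 6)
    Dim secondPart As String = Mid(vaccode, 11, 3)
    Return "20" & firstPart & "0" & secondPart
  End Function


End Class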

